Security Basics mailing list archives
RE: Security Organization in Banks
From: "Dave Dyer" <ddyer () ciber com>
Date: Tue, 6 Jul 2004 16:10:53 -0600
Alessandro, I'm by no means an expert in this arena, but I believe there was an article in CIO magazine that spoke about aligning InfoSec under a CTO versus a CIO. I've seen this organizational structure in banks, and it seems quite effective: http://www.cio.com/archive/041504/homeland.html Also, most banks in the US are at least a little familiar with the Sarbanes-Oxley act, which drives many high-level security decisions. Some of the security highlights can be found here: http://www.cio.com/newrules/ I've seen both of these factors first-hand in banks we've done work for in the past. However, sending out that information to the mailing list would probably not be smiled upon. Hope that helps. Thanks, Dave -----Original Message----- From: Alessandro Bottonelli [mailto:a.bottonelli () axis-net it] Sent: Tuesday, July 06, 2004 5:18 AM To: security-basics () securityfocus com Subject: Security Organization in Banks Hi, I am looking for "case studies" on how US and/or European Banks set up their Security Organizations. Before you tell me... I already googled with no good answers! :-( I am more interested at how they set up organizationally than technically. I mean: is there one single organization for both "traditional" security and IT security or are they two distinct orgs? To whom the head(s) of such security org(s) report? If and how traditional and IT security are integrated, and to what degree? Any resources out there or cases you can report first-hand? The names of the Banks would be nice, but the region will eventually suffice. Thanks in advance. -- Alessandro Bottonelli CISSP & BS7799 Lead Auditor A.Bottonelli(at)axis-net.it --------------------------------------------------------------------------- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ---------------------------------------------------------------------------- --------------------------------------------------------------------------- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ----------------------------------------------------------------------------
Current thread:
- Security Organization in Banks Alessandro Bottonelli (Jul 06)
- RE: Security Organization in Banks Dave Dyer (Jul 07)
- Re: Security Organization in Banks Steve (Jul 08)
- Info HIDS Carlos H (Jul 08)
- Re: Info HIDS Don Voss (Jul 09)
- Re: Info HIDS captgoodnight (Jul 09)
- Re: Info HIDS Daniel Cid (Jul 09)
- Re: Info HIDS Dave Dearinger (Jul 12)
- RE: Security Organization in Banks Dave Dyer (Jul 07)